wangchunlin
/
cvat
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Updated documentation "How to use preexisting secrets for external DB and Redis" (#5505)

Browse Source
main
Andrey Zhavoronkov 3 years ago committed by GitHub
parent af65707eee
commit aeef8276c7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 198 additions and 120 deletions
Show Stats Download Patch File Download Diff File

2
cvat/settings/production.py
Unescape Escape View File

@ -11,9 +11,9 @@ INSTALLED_APPS += [
]
NUCLIO['HOST'] = os.getenv('CVAT_NUCLIO_HOST', 'nuclio')
for key in RQ_QUEUES:
RQ_QUEUES[key]['HOST'] = os.getenv('CVAT_REDIS_HOST', 'cvat_redis')
RQ_QUEUES[key]['PASSWORD'] = os.getenv('CVAT_REDIS_PASSWORD', '')
# Django-sendfile:
# https://github.com/moggers87/django-sendfile2

6
helm-chart/Chart.yaml
Unescape Escape View File

@ -15,7 +15,7 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.4.5
version: 0.5.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
@ -26,12 +26,12 @@ appVersion: latest
dependencies:
- name: redis
version: "16.13.*"
version: "17.3.*"
repository: https://charts.bitnami.com/bitnami
condition: redis.enabled
- name: postgresql
version: "10.16.*"
version: "12.1.*"
repository: https://charts.bitnami.com/bitnami
condition: postgresql.enabled

11
helm-chart/templates/cvat-postgres-secret.yml
Unescape Escape View File

@ -8,10 +8,9 @@ metadata:
{{- include "cvat.labels" . | nindent 4 }}
type: generic
stringData:
postgresql-hostname: "{{ .Release.Name }}-postgresql"
postgresql-database: {{ .Values.postgresql.postgresqlDatabase }}
postgresql-username: {{ .Values.postgresql.postgresqlUsername }}
postgresql-password: {{ .Values.postgresql.secret.password }}
postgresql-postgres-password: {{ .Values.postgresql.secret.postgres_password }}
postgresql-replication-password: {{ .Values.postgresql.secret.replication_password }}
database: {{ .Values.postgresql.auth.database }}
username: {{ .Values.postgresql.auth.username }}
password: {{ .Values.postgresql.secret.password }}
postgres-password: {{ .Values.postgresql.secret.postgres_password }}
replication-password: {{ .Values.postgresql.secret.replication_password }}
{{- end }}

12
helm-chart/templates/cvat-redis-secret.yml
Unescape Escape View File

@ -0,0 +1,12 @@
{{- if .Values.redis.secret.create }}
apiVersion: v1
kind: Secret
metadata:
name: "{{ tpl (.Values.redis.secret.name) . }}"
namespace: {{ .Release.Namespace }}
labels:
{{- include "cvat.labels" . | nindent 4 }}
type: generic
stringData:
redis-password: {{ .Values.redis.secret.password }}
{{- end }}

36
helm-chart/templates/cvat_backend/cvat_worker_webhooks/deployment.yml
Unescape Escape View File

@ -59,39 +59,37 @@ spec:
- name: CVAT_REDIS_HOST
value: "{{ .Values.redis.external.host }}"
{{- end }}
{{- if .Values.postgresql.enabled }}
- name: CVAT_POSTGRES_HOST
- name: CVAT_REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: "{{ tpl (.Values.postgresql.secret.name) . }}"
key: postgresql-hostname
name: "{{ tpl (.Values.redis.secret.name) . }}"
key: redis-password
{{- if .Values.postgresql.enabled }}
- name: CVAT_POSTGRES_HOST
value: "{{ .Release.Name }}-postgresql"
- name: CVAT_POSTGRES_PORT
value: "{{ .Values.postgresql.service.ports.postgresql }}"
{{- else }}
- name: CVAT_POSTGRES_HOST
value: "{{ .Values.postgresql.external.host }}"
- name: CVAT_POSTGRES_PORT
value: "{{ .Values.postgresql.external.port }}"
{{- end }}
- name: CVAT_POSTGRES_USER
valueFrom:
secretKeyRef:
name: "{{ tpl (.Values.postgresql.secret.name) . }}"
key: postgresql-username
key: username
- name: CVAT_POSTGRES_DBNAME
valueFrom:
secretKeyRef:
name: "{{ tpl (.Values.postgresql.secret.name) . }}"
key: postgresql-database
key: database
- name: CVAT_POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: "{{ tpl (.Values.postgresql.secret.name) . }}"
key: postgresql-password
{{- else }}
- name: CVAT_POSTGRES_HOST
value: "{{ .Values.postgresql.external.host }}"
- name: CVAT_POSTGRES_USER
value: "{{ .Values.postgresql.external.user }}"
- name: CVAT_POSTGRES_DBNAME
value: "{{ .Values.postgresql.external.dbname }}"
- name: CVAT_POSTGRES_PASSWORD
value: "{{ .Values.postgresql.external.password }}"
- name: CVAT_POSTGRES_PORT
value: "{{ .Values.postgresql.external.port }}"
{{- end }}
key: password
{{- with .Values.cvat.backend.worker.webhooks.additionalEnv }}
{{- toYaml . | nindent 10 }}
{{- end }}

36
helm-chart/templates/cvat_backend/server/deployment.yml
Unescape Escape View File

@ -89,39 +89,37 @@ spec:
- name: CVAT_REDIS_HOST
value: "{{ .Values.redis.external.host }}"
{{- end }}
{{- if .Values.postgresql.enabled }}
- name: CVAT_POSTGRES_HOST
- name: CVAT_REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: "{{ tpl (.Values.postgresql.secret.name) . }}"
key: postgresql-hostname
name: "{{ tpl (.Values.redis.secret.name) . }}"
key: redis-password
{{- if .Values.postgresql.enabled }}
- name: CVAT_POSTGRES_HOST
value: "{{ .Release.Name }}-postgresql"
- name: CVAT_POSTGRES_PORT
value: "{{ .Values.postgresql.service.ports.postgresql }}"
{{- else }}
- name: CVAT_POSTGRES_HOST
value: "{{ .Values.postgresql.external.host }}"
- name: CVAT_POSTGRES_PORT
value: "{{ .Values.postgresql.external.port }}"
{{- end }}
- name: CVAT_POSTGRES_USER
valueFrom:
secretKeyRef:
name: "{{ tpl (.Values.postgresql.secret.name) . }}"
key: postgresql-username
key: username
- name: CVAT_POSTGRES_DBNAME
valueFrom:
secretKeyRef:
name: "{{ tpl (.Values.postgresql.secret.name) . }}"
key: postgresql-database
key: database
- name: CVAT_POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: "{{ tpl (.Values.postgresql.secret.name) . }}"
key: postgresql-password
{{- else }}
- name: CVAT_POSTGRES_HOST
value: "{{ .Values.postgresql.external.host }}"
- name: CVAT_POSTGRES_USER
value: "{{ .Values.postgresql.external.user }}"
- name: CVAT_POSTGRES_DBNAME
value: "{{ .Values.postgresql.external.dbname }}"
- name: CVAT_POSTGRES_PASSWORD
value: "{{ .Values.postgresql.external.password }}"
- name: CVAT_POSTGRES_PORT
value: "{{ .Values.postgresql.external.port }}"
{{- end }}
key: password
{{- if .Values.nuclio.enabled }}
- name: CVAT_SERVERLESS
value: "1"

36
helm-chart/templates/cvat_backend/utils/deployment.yml
Unescape Escape View File

@ -60,39 +60,37 @@ spec:
- name: CVAT_REDIS_HOST
value: "{{ .Values.redis.external.host }}"
{{- end }}
{{- if .Values.postgresql.enabled }}
- name: CVAT_POSTGRES_HOST
- name: CVAT_REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: "{{ tpl (.Values.postgresql.secret.name) . }}"
key: postgresql-hostname
name: "{{ tpl (.Values.redis.secret.name) . }}"
key: redis-password
{{- if .Values.postgresql.enabled }}
- name: CVAT_POSTGRES_HOST
value: "{{ .Release.Name }}-postgresql"
- name: CVAT_POSTGRES_PORT
value: "{{ .Values.postgresql.service.ports.postgresql }}"
{{- else }}
- name: CVAT_POSTGRES_HOST
value: "{{ .Values.postgresql.external.host }}"
- name: CVAT_POSTGRES_PORT
value: "{{ .Values.postgresql.external.port }}"
{{- end }}
- name: CVAT_POSTGRES_USER
valueFrom:
secretKeyRef:
name: "{{ tpl (.Values.postgresql.secret.name) . }}"
key: postgresql-username
key: username
- name: CVAT_POSTGRES_DBNAME
valueFrom:
secretKeyRef:
name: "{{ tpl (.Values.postgresql.secret.name) . }}"
key: postgresql-database
key: database
- name: CVAT_POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: "{{ tpl (.Values.postgresql.secret.name) . }}"
key: postgresql-password
{{- else }}
- name: CVAT_POSTGRES_HOST
value: "{{ .Values.postgresql.external.host }}"
- name: CVAT_POSTGRES_USER
value: "{{ .Values.postgresql.external.user }}"
- name: CVAT_POSTGRES_DBNAME
value: "{{ .Values.postgresql.external.dbname }}"
- name: CVAT_POSTGRES_PASSWORD
value: "{{ .Values.postgresql.external.password }}"
- name: CVAT_POSTGRES_PORT
value: "{{ .Values.postgresql.external.port }}"
{{- end }}
key: password
{{- if .Values.nuclio }}
- name: CVAT_SERVERLESS
value: "1"

36
helm-chart/templates/cvat_backend/worker_default/deployment.yml
Unescape Escape View File

@ -59,39 +59,37 @@ spec:
- name: CVAT_REDIS_HOST
value: "{{ .Values.redis.external.host }}"
{{- end }}
{{- if .Values.postgresql.enabled }}
- name: CVAT_POSTGRES_HOST
- name: CVAT_REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: "{{ tpl (.Values.postgresql.secret.name) . }}"
key: postgresql-hostname
name: "{{ tpl (.Values.redis.secret.name) . }}"
key: redis-password
{{- if .Values.postgresql.enabled }}
- name: CVAT_POSTGRES_HOST
value: "{{ .Release.Name }}-postgresql"
- name: CVAT_POSTGRES_PORT
value: "{{ .Values.postgresql.service.ports.postgresql }}"
{{- else }}
- name: CVAT_POSTGRES_HOST
value: "{{ .Values.postgresql.external.host }}"
- name: CVAT_POSTGRES_PORT
value: "{{ .Values.postgresql.external.port }}"
{{- end }}
- name: CVAT_POSTGRES_USER
valueFrom:
secretKeyRef:
name: "{{ tpl (.Values.postgresql.secret.name) . }}"
key: postgresql-username
key: username
- name: CVAT_POSTGRES_DBNAME
valueFrom:
secretKeyRef:
name: "{{ tpl (.Values.postgresql.secret.name) . }}"
key: postgresql-database
key: database
- name: CVAT_POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: "{{ tpl (.Values.postgresql.secret.name) . }}"
key: postgresql-password
{{- else }}
- name: CVAT_POSTGRES_HOST
value: "{{ .Values.postgresql.external.host }}"
- name: CVAT_POSTGRES_USER
value: "{{ .Values.postgresql.external.user }}"
- name: CVAT_POSTGRES_DBNAME
value: "{{ .Values.postgresql.external.dbname }}"
- name: CVAT_POSTGRES_PASSWORD
value: "{{ .Values.postgresql.external.password }}"
- name: CVAT_POSTGRES_PORT
value: "{{ .Values.postgresql.external.port }}"
{{- end }}
key: password
{{- if .Values.nuclio }}
- name: CVAT_SERVERLESS
value: "1"

36
helm-chart/templates/cvat_backend/worker_low/deployment.yml
Unescape Escape View File

@ -59,39 +59,37 @@ spec:
- name: CVAT_REDIS_HOST
value: "{{ .Values.redis.external.host }}"
{{- end }}
{{- if .Values.postgresql.enabled }}
- name: CVAT_POSTGRES_HOST
- name: CVAT_REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: "{{ tpl (.Values.postgresql.secret.name) . }}"
key: postgresql-hostname
name: "{{ tpl (.Values.redis.secret.name) . }}"
key: redis-password
{{- if .Values.postgresql.enabled }}
- name: CVAT_POSTGRES_HOST
value: "{{ .Release.Name }}-postgresql"
- name: CVAT_POSTGRES_PORT
value: "{{ .Values.postgresql.service.ports.postgresql }}"
{{- else }}
- name: CVAT_POSTGRES_HOST
value: "{{ .Values.postgresql.external.host }}"
- name: CVAT_POSTGRES_PORT
value: "{{ .Values.postgresql.external.port }}"
{{- end }}
- name: CVAT_POSTGRES_USER
valueFrom:
secretKeyRef:
name: "{{ tpl (.Values.postgresql.secret.name) . }}"
key: postgresql-username
key: username
- name: CVAT_POSTGRES_DBNAME
valueFrom:
secretKeyRef:
name: "{{ tpl (.Values.postgresql.secret.name) . }}"
key: postgresql-database
key: database
- name: CVAT_POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: "{{ tpl (.Values.postgresql.secret.name) . }}"
key: postgresql-password
{{- else }}
- name: CVAT_POSTGRES_HOST
value: "{{ .Values.postgresql.external.host }}"
- name: CVAT_POSTGRES_USER
value: "{{ .Values.postgresql.external.user }}"
- name: CVAT_POSTGRES_DBNAME
value: "{{ .Values.postgresql.external.dbname }}"
- name: CVAT_POSTGRES_PASSWORD
value: "{{ .Values.postgresql.external.password }}"
- name: CVAT_POSTGRES_PORT
value: "{{ .Values.postgresql.external.port }}"
{{- end }}
key: password
{{- if .Values.nuclio }}
- name: CVAT_SERVERLESS
value: "1"

23
helm-chart/values.yaml
Unescape Escape View File

@ -185,23 +185,20 @@ postgresql:
external:
host: 127.0.0.1
port: 5432
user: postgres
password: postgres
dbname: cvat
# If not external following config will be applied by default
global:
postgresql:
existingSecret: "{{ .Release.Name }}-postgres-secret"
auth:
existingSecret: "{{ .Release.Name }}-postgres-secret"
username: cvat
database: cvat
service:
ports:
postgresql: 5432
secret:
create: true
name: "{{ .Release.Name }}-postgres-secret"
password: cvat_postgresql
postgres_password: cvat_postgresql_postgres
replication_password: cvat_postgresql_replica
postgresqlDatabase: cvat
postgresqlUsername: cvat
service:
port: 5432
redis:
#See https://github.com/bitnami/charts/blob/master/bitnami/redis/ for more info
@ -209,7 +206,11 @@ redis:
external:
host: 127.0.0.1
auth:
enabled: false
existingSecret: "{{ .Release.Name }}-redis-secret"
secret:
create: true
name: "{{ .Release.Name }}-redis-secret"
password: cvat_redis
cluster:
enabled: false

82
site/content/en/docs/administration/advanced/k8s_deployment_with_helm.md
Unescape Escape View File

@ -226,9 +226,85 @@ See <https://helm.sh/>
```
### How to understand what diff will be inflicted by 'helm upgrade'?
You can use <https://github.com/databus23/helm-diff#install> for that
### I want to use my own postgresql/redis with your chart.
Just set `postgresql.enabled` or `redis.enabled` to `false`, as described below.
Then - put your instance params to "external" field
### I want to use my own postgresql with your chart.
Just set `postgresql.enabled` to `false` in the override file, then put the parameters of your database
instance in the `external` field.
You may also need to configure `username`, `database` and `password` fields
to connect to your own database:
```yml
postgresql:
enabled: false
external:
host: postgresql.default.svc.cluster.local
port: 5432
auth:
username: cvat
database: cvat
secret:
password: cvat_postgresql
```
In example above corresponding secret will be created automatically, but if you want to use existing secret change `secret.create` to `false` and set `name` of existing secret:
```yml
postgresql:
enabled: false
external:
host: postgresql.default.svc.cluster.local
port: 5432
secret:
create: false
name: "my-postgresql-secret"
```
The secret must contain the `database`, `username` and `password`
keys to access to the database
like:
```yml
apiVersion: v1
kind: Secret
metadata:
name: "my-postgresql-secret"
namespace: default
type: generic
stringData:
database: cvat
username: cvat
password: secretpassword
```
### I want to use my own redis with your chart.
Just set `redis.enabled` to `false` in the override file, then put the parameters of your Redis
instance in the `external` field.
You may also need to configure `password` field to connect to your own Redis:
```yml
redis:
enabled: false
external:
host: redis.hostname.local
secret:
password: cvat_redis
```
In the above example the corresponding secret will be created automatically, but if you want to use an existing secret
change `secret.create` to `false` and set `name` of the existing secret:
```yml
redis:
enabled: false
external:
host: redis.hostname.local
secret:
create: false
name: "my-redis-secret"
```
The secret must contain the `redis-password` key like:
```yml
apiVersion: v1
kind: Secret
metadata:
name: "my-redis-secret"
namespace: default
type: generic
stringData:
redis-password: secretpassword
```
### I want to override some settings in values.yaml.
Just create file `values.override.yaml` and place your changes here, using same structure as in `values.yaml`.
Then reference it in helm update/install command using `-f` flag

2
supervisord/utils.conf
Unescape Escape View File

@ -30,7 +30,7 @@ numprocs=1
[program:rqscheduler]
command=%(ENV_HOME)s/wait-for-it.sh %(ENV_CVAT_REDIS_HOST)s:6379 -t 0 -- bash -ic \
"python3 /opt/venv/bin/rqscheduler --host %(ENV_CVAT_REDIS_HOST)s -i 30"
"python3 /opt/venv/bin/rqscheduler --host %(ENV_CVAT_REDIS_HOST)s --password %(ENV_CVAT_REDIS_PASSWORD)s -i 30"
environment=SSH_AUTH_SOCK="/tmp/ssh-agent.sock"
numprocs=1

Write Preview
Loading…
Cancel
Save